Any benefit to SQL prepared statements for non-interactive query?

Hey guys,

I was wondering if there are any advantages to using prepared statements when performing a query that does not consist of any values that were inputted by the user via a form, i.e. a select query that selects all the rows in a table X. Or if it’s recommended to use a standard mysqli query to prevent any unnecessary overhead, as security isn’t a concern in this context.

Many thanks.

Thanks guys for the clarification. Sort of what I expected to be the case, but needed this community’s confirmation :slight_smile:

If the prepare statement would contain ? then it is needed, if it doesn’t then it isn’t.

Ah, yes, if the query is a literal string then there is nothing to prepare, my reply was just to highlight that it’s not just user input that needs to be treated specially, sorry for the confusion :frowning:

a query that does not consist of any values that were inputted by the user via a form

Definitely. You need a prepare statement if testing a field from outside the database but if the prepare statement wouldn’t need any ? in it then you don’t need the prepare.

I’m going to disagree, if the query is static (i.e. contains no variable content as per fig a) then you may as well save the repeat round trip to the db server and the additional resources (no matter how slight) and just plain execute it.

fig a.


    SELECT id FROM articles

What could be gained from preparing the query prior to execution? :confused:

Nah, that will suffice. I think I will sleep easy :slight_smile: Thanks hash.

There is no getting around “preparing” data. It doesn’t matter where the data comes from, you could select it from your own db, it may still contain quotes.

If you actually have performance issues, do elaborate, but otherwise, just go with prepared statements and sleep a little easier :slight_smile:
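
The two cases discussed in this thread, side by side, as an added example that is not part of any post: a static query like fig a has nothing to bind, while a value read back from your own table can still contain a quote and break a concatenated statement. It uses Python's built-in `sqlite3` with an in-memory database instead of mysqli so it runs offline; the `archive` table, the `title` column and the sample rows are constructed for illustration.

```python
import sqlite3

def build_db():
    # Constructed sample data: one stored title contains a single quote.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE archive (title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Plain title",), ("It's a quoted title",)])
    return db

def static_ids(db):
    # Static query as in fig a: no variable content, so nothing to bind.
    return [row[0] for row in db.execute("SELECT id FROM articles")]

def archive_by_concatenation(db):
    # The values come from our own table, not from a form, yet the quote
    # still ends the string literal early and the statement fails to parse.
    failed = []
    for (title,) in db.execute("SELECT title FROM articles").fetchall():
        try:
            db.execute("INSERT INTO archive (title) VALUES ('" + title + "')")
        except sqlite3.Error:
            failed.append(title)
    return failed

def archive_by_placeholder(db):
    # Same copy with a bound parameter: the driver passes the value as data,
    # so its content never becomes part of the SQL text.
    rows = db.execute("SELECT title FROM articles").fetchall()
    db.executemany("INSERT INTO archive (title) VALUES (?)", rows)
    return [r[0] for r in db.execute("SELECT title FROM archive ORDER BY rowid")]

if __name__ == "__main__":
    print(static_ids(build_db()))
    print(archive_by_concatenation(build_db()))
    print(archive_by_placeholder(build_db()))
```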